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WHAT IS CLAIMED IS: 



1 1 . An authentication method comprising the steps of: 

2 generating a first security context in response to a first user authentication; 

3 generating a second security context in response to a second user authentication, 

4 wherein said second security context aggregates said first security context and a security 

5 context corresponding to an identity in said second user authentication. 

1 2. The method of claim 1 further comprising the step of saving said first security 

2 context. 

1 3. The method of claim 2 wherein said step of saving said first security context 

2 comprises the step of pushing said first security context on a stack. 

1 4. The method of claim 1 further comprising the step of receiving a user logoff. 

1 5. The method of claim 4 further comprising the step of destroying said second 

2 security context in response to said step of receiving said user logoff. 

1 6. The method of claim 2 further comprising the step of reverting to said first 

2 security context in response to a user logoff 



The method of claim 6 wherein said step of reverting to said first security context 
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2 comprises the step of popping said first security context off of a stack. 

1 8. The method of claim 1 further comprising the step of determining an access 

2 permission in response to said second security context. 
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1 9. A computer program product embodied in a tangible storage medium, the 

2 program product comprising a program of instructions for performing the method steps 

3 of: 

4 generating a first security context in response to a first user authentication; 

5 generating a second security context in response to a second user authentication, 

6 wherein said second security context aggregates said first security context and a security 

7 context corresponding to an identity in said second user authentication. 

1 10. The program product of claim 9 further comprising instructions for performing 

2 the step of saving said first security context. 

1 11. The program product of claim 10 wherein said step of saving said first security 

2 context comprises the step of pushing said first security context on a stack. 

1 12. The program product of claim 9 further comprising instructions for performing 

2 the step of receiving a user logoff. 

1 13. The program product of claim 12 further comprising instructions for performing 

2 the step of destroying said second security context in response to said step of receiving 

3 said user logoff. 



1 4 . The program product of claim 1 0 further comprising instructions for performing 
the step of reverting to said first security context in response to a user logoff. 
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1 15. The program product of claim 14 wherein said step of reverting to said first 

2 security context comprises the step of popping said first security context off of a stack. 

1 16. The program product of claim 9 further comprising instructions for performing 

2 the step of determining an access permission in response to said second security context. 



- 18- 



AUS9-2000-0706-US1 PATENT 



1 17. A data processing system comprising: 

2 circuitry operable for generating a first security context in response to a first user 

3 authentication; 

4 circuitry operable for generating a second security context in response to a second 

5 user authentication, wherein said second security context aggregates said first security 

6 context and a security context corresponding to an identity in said second user 

7 authentication. 

1 18. The system of claim 1 7 further comprising circuitry operable for saving said first 

2 security context. 

1 19. The system of claim 18 wherein said circuitry operable for saving said first 

2 security context comprises the step of pushing said first security context on a stack. 

1 20. The system of claim 1 7 further comprising circuitry operable for receiving a user 

2 logoff. 

1 21. The system of claim 20 further comprising circuitry operable for destroying said 

2 second security context in response to said step of receiving said user logoff. 

1 22. The system of claim 1 8 further comprising circuitry operable for reverting to said 

2 first security context in response to a user logoff. 
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1 23. The system of claim 22 wherein said circuitry operable for reverting to said first 

2 security context comprises circuitry operable for popping said first security context off 

3 of a stack. 

1 24. The system of claim 1 7 further comprising circuitry operable for determining 

2 an access permission in response to said second security context. 



-20- 



